Skip to main content

QNAP NAS Remote Code Execution Vulnerability

Release Date: 4 Oct 2021 5297 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in QNAP NAS, a remote user can exploit this vulnerability to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • QVR 5.1.5 build prior to 20210902

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

  • Apply fixes issued by the vendor:
    QVR 5.1.5 build 20210902 and later

 

Updating QVR

  1. Log on to QVR as administrator.
  2. Go to Control Panel > System Settings > Firmware Update.
  3. Under Live Update, click Check for Update.
    QVR downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.


Vulnerability Identifier


Source


Related Link